Autore: Todd Lyons Data: To: Ian Eiloart CC: exim-users@exim.org users Oggetto: Re: [exim] Spamtrap harvesting idea using fake authentication
On Fri, Jun 7, 2013 at 7:42 AM, Ian Eiloart <iane@???> wrote: >
>> Suppose we reconfigured servers with no authentication configuration to advertise that they take authentication and that you have a fake authenticator that accepts any password.
> It might be better to accept only, say, 1% of authentication attempts. That would prevent the hacker from trivially detecting your trap (by authenticating to the same account with two different passwords).
Even better: accept that 1%, store that info, and then wait for IP's
to connect using that username and password combination (and either
reject it or blackhole it, your choice) and use long delays for
systems that connect with that user/pass combo.
The resulting data will tie together methods/sources of password
cracking with the exploited systems that try to abuse it.
...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
